Summary
External authentication can be bypassed by downstream connections that use PROXY protocol.
Details
Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true.
Impact
Authentication bypass
Credit
allenh@palantir.com
Summary
External authentication can be bypassed by downstream connections that use PROXY protocol.
Details
Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when
failure_mode_allowis set totrue.Impact
Authentication bypass
Credit
allenh@palantir.com